#637: Move a subset of password checks to a separate function and check it bug-637
authorMichael Tänzer <neo@nhng.de>
Tue, 21 Jun 2011 22:21:45 +0000 (00:21 +0200)
committerMichael Tänzer <neo@nhng.de>
Tue, 21 Jun 2011 22:21:45 +0000 (00:21 +0200)
on every login

The subset is a set of very lightweight checks that includes the check for the
old password suggestion

Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/general.php
www/index.php

index 5789875..aa74e9b 100644 (file)
                }
        }
 
-       function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
-       {
+       function checkpwlight($pwd) {
                $points = 0;
 
                if(strlen($pwd) > 15)
                        $points++;
 
                //echo "Points due to length and charset: $points<br/>";
+               
+               // check for historical password proposal
+               if ($pwd === "Fr3d Sm|7h") {
+                       return 0;
+               }
+               
+               return $points;
+       }
 
+       function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
+       {
+               $points = checkpwlight($pwd);
+               
                if(@strstr(strtolower($pwd), strtolower($email)))
                        $points--;
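Review bot: `checkpwlight()` is added without any statement of what its return value means, yet its callers now depend on that scale (the login code compares it with a literal 3). A docblock above the function would cover it, e.g. `/** Cheap password score based on length and charset only; returns 0 for the historical example password. Intended to be run on every login. */`. The opening brace sits on the signature line while `checkpw()` directly below keeps it on the next line, so the new function should follow whichever style the file uses. Part of the function body appears to be elided between the visible lines, so the maximum possible score cannot be confirmed from this section.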
 
index 2634a47..d42a4dc 100644 (file)
                                $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
                                $_SESSION['_config']['oldlocation'] = "account.php?id=13";
                        }
-                       if ($pword === "Fr3d Sm|7h")
+                       if (checkpwlight($pword) < 3)
                                $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
                        if($_SESSION['_config']['oldlocation'] != "")
                                header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
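Review bot: The threshold in `if (checkpwlight($pword) < 3)` is a bare literal whose meaning depends on the scoring inside `checkpwlight()`, so a later change to that scoring in includes/general.php silently changes which accounts are sent to `account.php?id=14&force=1`. A named constant defined next to `checkpwlight()` and used here, for example `if (checkpwlight($pword) < MIN_LIGHT_PW_SCORE)` (name constructed for illustration), would keep the two in step. The condition is also much broader than the single-password comparison it replaces, and it overwrites the `id=13` target set just above, so a user who both lacks lost-password questions and has a weak password only reaches the password page. Nothing in this hunk records the forced change in the session, so it is worth confirming that account.php enforces it rather than relying on the redirect alone; the enclosing login block starts and ends outside the hunk.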